Switchack

Nintendo switch hax: #1 source of informations

ArchLinux and RetroArch

I’ve successfully booted ArchLinux using ShofEL2. Here is a quick guide on how to do it – I’ll assume you’re computer literate and know how to use a terminal / Linux commands / git.
Everything is taken from the README of the ShofEL2 repo so if you want to go even faster, go read that instead.

Thanks to NightHammer1000 and Y2K-x for the help !

From the ShofEL2 README :

There is a simplified and faster version of this tutorial available here, with precompiled binaries so you don’t have to build everything : https://github.com/SoulCipher/shofel2_linux

The result 

Without a SD card (“waiting for root device sdmmcblk0p2”) :


Stock Arch Linux :


Arch Linux with LXDE :


RetroArch running :

What works / what doesn’t

  • Desktop environment : LXDE
  • Wi-Fi : works but will kernel panic if a Bluetooth device is paired while a network is connected
    • You will need to reboot your Switch and run the exploit again to make the Wi-Fi work (it never works on the first boot)
    • Then enter the Network Manager Application and add your network from there
    • If it doesn’t work, you will need to edit the configuration on the host computer (see the additional notes at the end of this post)
  • Bluetooth : works but will kernel panic if a device is paired while a Wi-Fi network is connected
  • Touch screen : works, although LXDE is not very touch-friendly
  • Audio : doesn’t work yet
  • GPU acceleration : works (via mesa), with OpenGL (and maybe Vulkan too ?)
  • Joy-Cons : not recognized
  • Volume buttons : not working although LXDE seems to recognize them (once the volume up button caused a kernel panic with RetroArch launched)
  • Power button : doesn’t do anything, no sleep mode, no graceful shutdown
  • USB : doesn’t work
  • Dock : not tested yet, but I bet it doesn’t do anything besides charging the battery
  • Power management / battery level : unknown, is Linux even aware that it runs on a battery ?

What you’ll need

  • A computer running Linux with a blue USB SuperSpeed port, or a Mac
    • A Linux VM can work in theory, but it depends on how the USB passthrough is implemented (apparently VMWare works, VirtualBox doesn’t)
  • A USB A-to-C cable (with data support, obviously)
  • Some time (you know, Linux is kinda large)

Prep work

First, you’ll need to install the required toolchains. Open this link and download the tar.gz binaries for

  • aarch64-linux-gnu
  • arm-linux-gnueabi

Be careful to choose the right architecture for your PC (for me it was x86_64 so “gcc-linaro-7.2.1-2017.11-x86_64_arm-linux-gnueabi.tar.xz”).

Once you have them, extract them somewhere nice and add the “bin” (not “lib” as I previously stated) folder of both toolchains to your PATH (“$ export PATH=$PATH:/path/to/toolchain1/lib:/path/to/toolchain2/lib”). The building process won’t work otherwise.

Then, install those dependencies (how to install them and their name might depend on your distribution) :

  • build-essential (sorry I didn’t add it it was obvious to me)
  • libssl-dev
  • swig
  • bison
  • flex
  • python3
  • python-dev
  • python3-pip
  • pyusb 1.0.0 : “$ sudo pip3 install pyusb==1.0.0”
  • libusb-1.0-0-dev

Compiling

Clone each required repository :

Code:
$ git clone https://github.com/fail0verflow/shofel2.git
$ git clone --recursive --depth=1 https://github.com/fail0verflow/switch-coreboot.git coreboot
$ git clone https://github.com/fail0verflow/switch-u-boot.git u-boot
$ git clone --depth=1 https://github.com/fail0verflow/switch-linux.git linux
$ git clone https://github.com/boundarydevices/imx_usb_loader.git

You can grab a coffee or two because Linux has more than 5 million files to download.

Then, build everything :

Code:
$ cd shofel2/exploit
$ make
Code:
$ cd u-boot
$ export CROSS_COMPILE=aarch64-linux-gnu-
$ make nintendo-switch_defconfig
$ make
Code:
$ cd coreboot
$ make nintendo_switch_defconfig
$ make iasl
$ make

If you have a tegra_mtc.bin file error, you’ll have to extract it from a Pixel C stock image :
“$ ./build/util/cbfstool/cbfstool bootloader-dragon-google_smaug.7900.97.0.img extract -n fallback/tegra_mtc -f tegra_mtc.bin”

Or you can download it directly from here : https://www108.zippyshare.com/v/ZjHETezE/file.html

You’ll have to put it in the “coreboot/src/soc/nvidia/tegra210” directory.

Code:
$ cd imx_usb_loader
$ git reset --hard 0a322b01cacf03e3be727e3e4c3d46d69f2e343e
$ make

The big one :

Code:
$ cd linux
$ export ARCH=arm64
$ export CROSS_COMPILE=aarch64-linux-gnu-
$ make nintendo-switch_defconfig
$ make

If you encounter issues about a missing rule “/lib/firmware/nvidia/tegra210/vic04_ucode.bin” for the target “firmware” you’ll have to :

  • install the firmware-misc-nonfree package
  • if you can’t install it, or if it still doesn’t work, download the package manually from debian sid and extract the file “/lib/firmware/nvidia/tegra210/vic04_ucode.bin” (from the root of your PC, not on the cloned repo) from the DEB (and chmod it if needed)

If you encounter issues about a missing rule “/lib/firmware/brcm/brcmfmac4356-pcie.txt”, download this file and put it in “/lib/firmware/brcm/” (from the root of your PC, not on the cloned repo)

Building the rootfs

This is the annoying part. Download the archive / image corresponding to the distribution you want to use :

If it’s a tarball you just downloaded

While it’s downloading, you’ll have to take a microSD card and, using the software of your choice (I used GParted) :

  • remove every existing partition to only have unallocated space on it (do I need to tell you that you’re going to loose everything on the card ?)
  • create a tiny FAT32 partition (I chose 200mb but it doesn’t matter) – that’ll be mmcbkl0p1, you can label it “garbage”
  • create an ext4 partition on the remaining part of the card – that’ll be mmcblk0p2, you can label it “rootfs”
  • it’s important that the FAT32 partition comes first and the ext4 one comes after – on the Switch, Linux will look for mmcblk0p2, the second partition, if you have scrolling boot logs and then back to RCM it means you did it wrong

Once the rootfs tarball is downloaded, you can simple extract it to the mounting point of the ext4 partition you just created :

Code:
$ tar xvf ArchLinuxARM-aarch64-latest.tar.gz -C /mounting/point/of/ext4/partition; sync
$ cp ArchLinuxARM-aarch64-latest.tar.gz /mounting/point/of/ext4/partition/root; sync

(“/mounting/point/of/ext4/partition/root” is the “root” directory on the partition)

Don’t forget to properly eject the SD Card !

If “tar xvf” doesn’t work for you you can install “bsdtar” and use “bsdtar -xpf” instead

Then you can put the SD card in the console.

If it’s a img / bin file you just downloaded

You can simply write it on your SD card using :

  • If you’re on Windows, Ether or Win32DiskImager
  • If you’re on Linux / Mac OS : “sudo dd if=yourimage.img of=/dev/sdbX” where /dev/sdbX is the device of your SD card (unmounted)

You will probably want to open a partition manager to resize the ext4 partition once it’s flashed, so that it fits your SD card.

Then you can put the SD card in the console.

Booting linux

Run the exploit :

Code:
$ cd shofel2/exploit
$ sudo ./shofel2.py cbfs.bin ../../coreboot/build/coreboot.rom

Your terminal should now be waiting for the Switch to enter RCM mode.

To do so : (I don’t have pictures but that’s the same method as fusée gelée, just look at some video tutorials)

  • plug the Switch on your PC using the USB A-to-C cable – use a blue SuperSpeed port if you have one
  • shut it down
  • remove the right joy-con
  • using a method of your choice, short the 10th pin of the right joy-con (the last pin on the right, away from the screen, closer to the back) with the ground : that can be pin 1, 2 or 7, that can also be a screw on the joy-con rack or the console’s fan – I personnaly stick a RPi jumper wire in the fan and touch the 10th pin on the other side, works everytime (like this)
  • keep the pins shorted and power the Switch while pressing the volume UP button

If it worked, the console will show a black screen and you’ll see the exploit running on your terminal. If you see the Nintendo logo, it has failed. You can power off the console and try again.

Then, run those last commands :

Code:
$ cd shofel2/usb_loader
$ ../../u-boot/tools/mkimage -A arm64 -T script -C none -n "boot.scr" -d switch.scr switch.scr.img
$ sudo ../../imx_usb_loader/imx_usb -c .

Linux should then boot on your console – first the boot logs with the penguins, and then an ArchLinux login prompt. Voilà !
Again, if you have the boot logs and then a black screen, it means you did the SD card part wrong.

Additional notes

Hardware graphics acceleration

To add mesa drivers install this package using pacman :
https://0w0.st/mesa-full-tegra-r101876.bf5e0276b6-1-aarch64.pkg.tar.xz

You will need a working internet connection to do so

The latest LXDE rootfs tarball already contains this fix.

Full speed RAM

According to the blog post (“Linux on Switch boot chain” section), you need to extract a file from a Pixel C factory image in order to have the RAM working at full speed. I didn’t do it so I won’t cover it here.

Fixing calibration issues of the touch screen (thanks to @Wizardy)

To fix calibration issues of the touch screen, edit the file /usr/share/X11/xorg.conf.d/10-evdev.confg (of the rootfs)

And change the InputClass section to :

Code:
Section "InputClass"
        Identifier "evdev touchscreen catchall"
        MatchIsTouchscreen "on"
        MatchDevicePath "/dev/input/event*"
        Driver "evdev"
        Option "InvertX" "no"
        Option "InvertY" "yes"
        Option "SwapAxes" "yes"
        Option "Calibration" "0 1279 0 719"
EndSection

Wi-Fi

To setup Wi-Fi, mount the rootfs partition on your host PC and edit the configuration for your network in the file “/etc/NetworkManager/system-connections” (if it doesn’t exist, take Gigaspot).

To have a working Wi-Fi you must reboot your Switch and run the exploit again each time you power it off.

 

Source: gbatemp forum user

Updated: April 28, 2018 — 3:50 am

Leave a Reply

Your email address will not be published. Required fields are marked *

Switchack © 2018
Http://www.switchack.com/